package cn.tj212.xiaoyin.web.auth;

import cn.tj212.xiaoyin.common.storage.QiniuStorage;
import cn.tj212.xiaoyin.common.storage.ThumbModel;
import cn.tj212.xiaoyin.common.web.SessionContext;
import cn.tj212.xiaoyin.common.web.auth.SessionUser;
import cn.tj212.xiaoyin.core.auth.domain.AuthUser;
import cn.tj212.xiaoyin.core.auth.service.IAuthUserService;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

public class AuthRealm extends AuthorizingRealm {

    @Autowired
    private IAuthUserService authUserService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (principalCollection==null)
            throw new AuthorizationException("PrincipalCollection method argument can not be null!");
        SessionUser user=SessionContext.getAuthUser();
        if (user==null)
            return null;
        //设置权限
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        //获取用户权限并设置
        info.setStringPermissions(user.getPermissions());
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        String username = token.getUsername();
        String password = String.valueOf(token.getPassword());
        AuthUser authUser = null;

        /**
         * 业务代码--start
         */
        try {
            AuthUser tmpAuthUser = new AuthUser();
            tmpAuthUser.setUsername(username);
            tmpAuthUser.setPassword(password);

            tmpAuthUser = authUserService.getByUsernameAndPassword(tmpAuthUser);

            if (tmpAuthUser != null) {
                authUser = new AuthUser();
                authUser.setId(tmpAuthUser.getId());
                authUser.setRealname(tmpAuthUser.getRealname());
                authUser.setUsername(tmpAuthUser.getUsername());
                authUser.setStatus(tmpAuthUser.getStatus());
                if (!StringUtils.isBlank(tmpAuthUser.getHeader())) {
                    authUser.setHeader(QiniuStorage.getUrl(tmpAuthUser.getHeader(), ThumbModel.THUMB_256));
                } else {
                    throw new AuthenticationException("# user password is not correct!");
                }
            }
        }catch (AuthenticationException e){
            throw new AuthenticationException("# user password is not correct!");
        }
        //业务代码-end
        // 设置用户权限信息
		/*try {
			authUser.setPermissions(permissions);
		} catch (Exception e) {
			throw new AuthenticationException("## user permission setter exception! ");
		}*/
        // 创建授权用户
        SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(authUser,password,getName());
        return info;
    }
}
